Cybersecurity

July 1, 2020
By Allison Annick
After serving in the U.S. Navy during World War II, Grace Hopper remained in the naval reserve. In 1952, her team at Remington Rand created the first compiler for computer languages, which was a precursor for COBOL. In this 1960 report, Hopper stands next to a mainframe computer that ran using COBOL. Courtesy of the Computer History Museum

At 61 years old, the common business-oriented language is the same age as many college kids’ parents. The coding language had its own exhibit in the Smithsonian National Museum of American History in 2013. Many in the industry now call it a “legacy language,” but its continued, widespread use tells a different story.

July 1, 2020
By Stephen Wood
Devices such as copiers have been updated with Internet connectivity, creating a potential risk as an entry point to the network. Credit: Andrey_Popov/Shutterstock

In the past two years, hackers have increasingly targeted Internet of Things devices to breach cybersecurity defenses. Because these devices are frequently not patched when software flaws are found, they represent a soft target for attackers. In 2017, 15 percent of all successful attacks exploited one of these device’s beachheads. By 2019, that number increased to 26 percent of all incidents with growth expected to continue, according to a recent analysis performed by Ponemon Institute.

July 1, 2020
By Capt. Alex M. Roberts, USAF
U.S. Marines with 8th Communication Battalion, II Marine Expeditionary Force Information Group, collaborate as part of Team Spartan during Cyber Fury 2020. Cyber Fury is an annual training exercise that allows Marines to simulate a series of cyberspace attacks by identifying and countering them. Credit: Lance Cpl. Haley McMenamin, USMC

With the 2020 election fast approaching and tensions with Iran continually shifting, many people are looking to U.S. Cyber Command to help ensure cybersecurity. The command faces an uphill battle because the current construct allows each service branch to retain tactical command of its organic cyber experts. To be more successful in the cyberspace domain, the command needs to take over tasking authority for all cyber-related units, establish a standardized joint cyber schoolhouse and establish a Joint Cyber Operations Command to perform joint, effects-driven cyber operations.

June 25, 2020
 

ASIRTek Federal Services LLC, San Antonio, Texas, has been awarded a $78,000,000 firm-fixed-price contract for information security support services.  This contract provides for proactive support of the foundational pillars of this requirement, which are cybersecurity improvement initiatives and cybersecurity support. Work will be performed at Joint Base San Antonio-Lackland, Texas. Additional on-site support locations may include Joint Base Langley-Eustis, Virginia; Robins Air Force Base, Georgia; Tyndall AFB, Florida; Randolph AFB, Texas; and Davis-Monthan AFB, Arizona.  Work is expected to be completed June 28, 2025. This award is the result of a competitive acquisition with 24 offers received.

June 12, 2020
 

ICF Inc. LLC, Fairfax, Virginia, was awarded a $13,444,607 modification (P00036) to contract W911QX-17-C-0018 to extend mission critical defense cyber operation services provided by ICF. Work will be performed in Adelphi, Columbia, Fort Meade, and Aberdeen Proving Ground, Maryland; Fort Belvoir, Virginia; San Antonio, Texas; and Colorado Springs, Colorado, with an estimated completion date of December 15, 2020. Fiscal year 2020 research, development, test and evaluation, Army funds in the amount of $13,444,607 were obligated at the time of the award. U.S. Army Contracting Command, Aberdeen Proving Ground, Maryland, is the contracting activity.

June 1, 2020
By Maryann Lawlor
It’s tempting to think of open source software as free, but users must take into consideration the cost of systems and data protection. Credit: Wright Studio/Shutterstock

The efficiencies of using and embedding open source software (OSS) carry many risks. In the advent of free repositories and millions of open source projects, the notion of any reasonable centralized authentication about the origin or any assurance as to correctness is virtually impossible. As a result, users should cultivate trust relationships with a few suppliers and keep them up to date.

August 16, 2016
By Sandra Jontz
A Louisiana Army National Guard chief communications plans officer trains members of the Cyber Defense Incident Response Team to defend the state’s cyber assets in November 2015. Photo courtesy DOD

Information technology modernization has reached a precipice within the federal government as agencies struggle to manage many moving parts and jockey for the same pot of money and talent. Add to the fray the results of a new survey showing an alarming reliance by federal agencies on outdated information technology systems.

May 19, 2020
Posted by Kimberly Underwood
Credit: Shutterstock/Pogorelova Olga

The Space Force has announced that the planned satellite hacking challenge known as Space Security Challenge 2020: Hack-A-Sat would proceed as planned, but in a virtual format due to the pandemic. The Department of the Air Force and the Defense Digital Service's (DDS's) event includes an online qualification event May 22-24, followed by a final August 7-9. During the final, participants will attempt to reverse-engineer representative ground-based and on-orbit satellite system components to overcome planted “flags” or software code.

May 11, 2020
By Maryann Lawlor
Katie Arrington (r), chief information security officer, office of the undersecretary of defense for acquisition, U.S. Defense Department, and other Pentagon acquisition officials brief reporters on cybersecurity standards for government. Photo by Petty Officer 2nd Class James K. Lee, USN

The coronavirus is not stopping the U.S. Defense Department from proceeding with work on the Cybersecurity Maturity Model Certification (CMMC), and it shouldn’t slow down industry in doing the same. Although some of the public hearings that should have taken place by now have been delayed because of the pandemic, the CMMC team continues to train and get the word out about rules changes.

May 11, 2020
 

ForAllSecure, a NEA portfolio company, announced that is will provide the Defense Department with a next-generation fuzzing solution under a $45 million contract with the Defense Innovation Unit. The company's software security product, known as Mayhem, will be used by several DOD entitieservices branches, including: the Air Force 96th Cyberspace Test Group, the Air Force 90th Cyberspace Operations Squadron, the Naval Sea Systems Command and the U.S. Army Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center, according to the company. The product, which automatically finds software vulnerabilities, is a patented next-generation solution developed at Carnegie Mellon University.

May 1, 2020
By Robert K. Ackerman
Members of the NATO Military Committee are briefed at the NATO Joint Warfare Centre in Norway. The Atlantic alliance is broadening its activities in cybersecurity amid more diverse threats and growing new technologies. Credit: NATO

NATO is doubling down on cyberspace defense with increased partnerships and new technology thrusts. Information exchanges on threats and solutions, coupled with research into exotic capabilities such as artificial intelligence, are part of alliance efforts to secure its own networks and aid allies in the cybersecurity fight.

The threats the alliance networks face constitute relatively the same ones confronting other organizations. NATO faces the double challenge of securing its own networks and information assets, as well as helping its member nations improve their own national cyber resilience.

May 1, 2020
By Shaun Waterman
A SpaceX Falcon 9 rocket launches the first of the new generation of modernized, harder-to-hack GPS block III satellites in December 2018. GPS is one of the space-based functions that’s increasingly vital to the functioning of the U.S. economy. Credit: GPS.gov

Amid growing fears that U.S. military reliance on civilian space infrastructure might prove a weak point, two organizations are seeking to improve cybersecurity in the burgeoning satellite industry. The Orbital Security Alliance has published a detailed set of cybersecurity guidelines for commercial satellite operators, which aims specifically at smaller, newer companies in the fast-growing “minisat” sector.

April 23, 2019
By Robert K. Ackerman
Ty Schieber, chair, CMMC Accreditation Body, promises to post "a tremendous amount of information" on his office's website over the next couple of days, while speaking at the AFCEA Virtual CCMC Symposium.

The success of the new Cybersecurity Maturity Model Certification (CMMC) will hinge largely on diverse types of contractors sharing information and following security standards, said a panel of experts exploring CMMC ramifications. Speaking at AFCEA’s Virtual CMMC Symposium, the government officials emphasized that the CMMC will be both an opportunity and an obligation to the defense community

May 1, 2020
By Kimberly Underwood
Through four use cases, including one that applies to street light operations, the city of Syracuse, New York, is evaluating a secure cloud architecture designed to provide cyber attack protections. Credit: Shutterstock/Debra Millet

Digital structures are needed to protect government information and operations. A group participating in a National Institute of Standards of Technology challenge is offering a secure cloud-based platform that can improve the digital and actual health of a city and protect its information.

May 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/Blackboard

As cloud computing gains greater numbers of adherents, their increasing demands are straining security measures designed to guard operations. This problem is going to worsen dramatically when applications such as artificial intelligence development assume a significant presence in the cloud.

Yet those same complications offer opportunities. The new types of security that will need to be applied to the cloud can be used for other forms of cyberspace operations. Solutions to the difficulties of cloud security could help protect data elsewhere commensurate with the enhanced role played by the cloud.

April 23, 2019
By Robert K. Ackerman
Panelists participate in a remote panel discussion hosted by AFCEA’s Virtual CMMC Symposium.

Companies should not be intimidated by the multitiered Cybersecurity Maturity Model Certification (CMMC), says a panel of experts. The new system is geared for companies to approach it methodically as they learn more about its implementation and requirements.

In a remote session hosted by AFCEA’s Virtual CMMC Symposium, the panelists encouraged companies to proceed through its steps and seek advice from others, particularly prime contractors. Janey Nodeen, president, Burke Consortium Inc., said, “There is a path to success. It’s not as hard as you think, and at the end of the day it’s very, very valuable to your company.

“It is very much a crawl-walk-run approach, and don’t overthink it,” she added.

April 23, 2019
By Robert K. Ackerman
Credit: Shutterstock/Anatolii Stoiko

Ensuring the sanctity of defense information goes beyond keeping secrets from the enemy: it also brings to light vulnerabilities in the supply chain. One of the key tenets of the Cybersecurity Maturity Model Certification (CMMC) is to guarantee the sanctity of the supply chain in a time when data is particularly in peril.

A keynote fireside discussion group at AFCEA’s Virtual CMMC Symposium looked at the threats posed to the supply chain in light of the COVID-19 coronavirus pandemic. Bob Kolasky, director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, provided a powerful presentation in which he pulled no punches about the threat.

April 23, 2019
By Robert K. Ackerman

“The time is now” for companies to begin implementation of Cybersecurity Maturity Model Certification (CMMC) measures, said the chief information security officer for defense acquisition. Katie Arrington, speaking at AFCEA’s Virtual CMMC Symposium, told participants that many CMMC tenets constitute good practices that can—and should—be implemented even before the CMMC is formalized.

“Let’s not wait until it’s required; let’s do it now,” Arrington said. “The time is now.” She added that the country loses $600 billion a year to adversaries, and practicing basic cyber hygiene methods that will be part of CMMC level 1 standards will help companies immensely.

April 8, 2020
Posted by Julianne Simpson
Credit: angellodeco/Shutterstock

A joint advisory published today by the U.K.’s National Cyber Security Centre (NCSC) and U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) shows that a growing number of cyber criminals are exploiting the COVID-19 outbreak for their own personal gain.

April 1, 2020
By Mark A. Spangler
Navigating today’s cyber battlespace without a robust understanding of organizational risk, mission essential functions and critical cyber terrain can cause even the most seasoned manager to feel digitally adrift. Credit: Original image is a composite of at least nine images and graphics that TriSept’s, Axel Edling, created.

Managing an enterprise cybersecurity and information assurance program in any company today is a complex balancing act. It resembles an unending three-dimensional chess match entwining business risk, profit and loss, pitting a company’s very survival against myriad global threat actors. An organization’s cybersecurity stance also involves a combination of technology and solid decision making at an organization’s highest levels.

Pages